
Cookie Poisoning


Cookie Poisoning is the modification of the contents of a cookie (personal information stored as a small file on a Web user's computer) in order to bypass security mechanisms. A Cookie Poisoning attack is a technique by which hackers can gain unauthorized access to information about a user for purposes of identity theft and other online fraud.

The user's stored cookies contain information that enables the Web applications to authenticate the user identity, expedite transactions, track site usage and display content to the user based on established identity and preferences. For example, when a user logs into a Web site that requires authentication, a login CGI (Common Gateway Interface) validates username and password and sets a cookie with a numerical identifier in the user's browser. When the user browses to another page, another CGI fetches the cookie and delivers personalized content based upon the values contained in the cookie.

Cookie Poisoning can be an effective tool for hackers because programmers store sensitive information in the supposedly invisible cookie.

Unless security measures are in place, attackers can examine a cookie to determine its purpose and edit it so that it enables them to steal information from the Web site that sent the cookie.

Cookies can be protected by encryption. Cookie encryption creates a digital signature that is used to validate the content in all future communications between the sender and the recipient. If the content is tampered with, the signature will no longer match the content and the server will refuse access.
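The check described above, as an added example that is not part of the original page: a server issues a cookie carrying the numerical identifier together with a tag computed over it, and rejects any cookie whose tag no longer matches. It uses HMAC-SHA256, a keyed message authentication code, as the signature; the cookie layout `uid=<n>.<tag>` and the names `SERVER_KEY`, `issue_cookie` and `verify_cookie` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed key for this example; a real server loads it from protected
# configuration and never sends it to the browser.
SERVER_KEY = secrets.token_bytes(32)


def _tag(payload: bytes, key: bytes) -> str:
    """URL-safe HMAC-SHA256 tag over the cookie content."""
    digest = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def issue_cookie(user_id: int, key: bytes = SERVER_KEY) -> str:
    """Build 'uid=<n>.<tag>' as the login step would set it."""
    payload = f"uid={user_id}"
    return f"{payload}.{_tag(payload.encode('ascii'), key)}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the user id if the tag matches the content, else None."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep or not payload.startswith("uid="):
        return None  # unsigned or malformed cookie
    expected = _tag(payload.encode("utf-8", "replace"), key)
    # Constant-time comparison: do not leak how much of the tag matched.
    if not hmac.compare_digest(expected.encode("ascii"),
                               tag.encode("utf-8", "replace")):
        return None  # content and tag disagree: cookie was modified
    value = payload[len("uid="):]
    return int(value) if value.isascii() and value.isdigit() else None


if __name__ == "__main__":
    cookie = issue_cookie(1042)
    # Constructed tampering: the identifier is edited, the tag is left as-is.
    edited = cookie.replace("uid=1042", "uid=1", 1)
    print(verify_cookie(cookie))   # identifier accepted
    print(verify_cookie(edited))   # rejected
```

The tag only detects modification; the identifier itself is still readable by anyone holding the cookie, so sensitive values belong on the server rather than in the cookie.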


© Copyright IS3, Inc. 2002-2012. All rights reserved. If you are a software vendor and believe that your company’s product has been incorrectly classified, please click here to notify the IS3 Research Center.

